Hacker News
by bhb 6391 days ago
I was imagining presenting our security model to someone (or a team), having them ask questions, and then doing some analysis of our systems to make sure we've implemented the model correctly (and don't have other gaping holes). Although a full audit of the code would be much more complete and secure, I was looking for a slightly different risk/cost tradeoff.
1 comment

Generally, this sort of thing isn't worthwhile unless the liabilities you're exposed to by being broken are in excess of about $10M. Anything less than that, and it's a job for a butch insurance policy.

If you're reasonably confident that you've got a decent security model, and you've coded it defensively, you're probably OK. I wouldn't stress about it too much at this point.

We're certainly under $10M in liability, we're confident in our model, and we're seeking less formal (but free) feedback from friends and peers on it, so I think you're right - we just won't stress about it too much right now.

Thanks a lot for the advice. I really appreciate it.